﻿using System;
using System.Data;
using System.Data.OleDb;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using Bass.Tools;
using MySql.Data.MySqlClient;

public partial class admin_admin_login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
           
        }
    }

    protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
    {
        if (Page.IsValid == true)
        {
            if (Request.Cookies["CheckCode"] == null)
            {
                lblMessage.Text = "您的浏览器设置已被禁用 Cookies，您必须设置浏览器允许使用 Cookies 选项后才能使用本系统。";
                lblMessage.Visible = true;
                return;
            }

            if (String.Compare(Request.Cookies["CheckCode"].Value, txtCheckCode.Text, true) != 0)
            {
                lblMessage.Text = "*验证码错误";
                lblMessage.Visible = true;
                return;
            }
            else
            {
                //OleDbConnection Conn = new OleDbConnection();
                //Conn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;" + "Data Source=" + Server.MapPath("../miumiu.mdb");
                //Conn.Open();

                //取到连接字符串
                string propertiesPath = Server.MapPath("../mysqldb.properties");
                mytools mt = new mytools();
                string ConnString = mt.getMysqlConn(propertiesPath);

                //打开连接
                MySqlConnection myConnection = new MySqlConnection(ConnString);
                myConnection.Open();

                string pwd = this.userpwd.Text.ToString();
                string pwd_md5 = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(pwd, "md5");
                string sqlstr = "select count(*) from admin_info where adminname='" + this.username.Text.ToString() + "' and adminpwd='" + pwd_md5 + "'";
                MySqlCommand sun = new MySqlCommand(sqlstr, myConnection);
                int count = Convert.ToInt32(sun.ExecuteScalar());
                if (count > 0)
                {
                    Session["adminname"] = this.username.Text.ToString();
                    string sql = "select adminkind from admin_info where adminname='" + this.username.Text.ToString() + "' and adminpwd='" + pwd_md5 + "'";
                    MySqlCommand adminkind1 = new MySqlCommand(sql, myConnection);
                    string adminkind = adminkind1.ExecuteScalar().ToString();
                    Session["adminkind"] = adminkind.ToString();
                    Session.Timeout = 600;
                    myConnection.Close();
                    if (adminkind == "product")
                    {
                        Response.Redirect("adminproduct_index.aspx");
                    }
                    else if (adminkind == "user")
                    {
                        Response.Redirect("adminuser_index.aspx");
                    }
                    else if (adminkind == "super")
                    {
                        Response.Redirect("adminsuper_index.aspx");
                    }
                    
                }
                else
                {
                    Response.Write("<script language=javascript>alert('您输入的用户名或者密码有误');location='javascript:history.go(-1)'</script>");
                }
            }
        }
    }
    protected void CustomValidator1_ServerValidate(object source, ServerValidateEventArgs args)
    {
        string username1 = this.username.Text.ToString();
        for (int i = 0; i < (int)username1.Length; i++)
        {
            string name = username1.Substring(i, 1);
            if (name == "'" || name == "%" || name == "<" || name == ">" || name == "&" || name == "|")
            {
                args.IsValid = false;
            }
            else
            {
                args.IsValid = true;
            }
        }
    }

}

